TNW Sites

At approximately 3pm PST, the Syrian Electronic Army seemingly hacked into Twitter, Huffington Post and NY Times’ registry accounts altering contact details, and more significantly, DNS records. Modifying DNS records of a domain will allow SEA to redirect visitors to any site of their choosing.

Contact details for the Twitter.com domain were changed, but it’s reasonable to assume that if the SEA had the ability to change contact information, they may very well have had the ability to change DNS records and point the Twitter.com domain elsewhere, redirecting visitors and users.

The SEA also altered the DNS records for twimg.com which Twitter uses for virtually all CSS, JS, images, cookies and more. This means for many users, Twitter.com wouldn’t load correctly and avatars were unavailable across many Twitter clients.

“The New York Times Web site was unavailable to readers on Tuesday afternoon following an attack on the company’s domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive e-mails.”

HuffingtonPost UK also had its DNS records altered but as 4pm PST both HuffingtonPost UK’s whois and DNS records as well as those of Twitter’s appears to have been corrected. Twimg and NY Times’ still include records pointing to the SEA.

Twitter has issued a statement on the matter, only addressing the twimg.com downtime.

“At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident.”

If you’ve not heard of the Syrian Electronics Army, then you might find it interesting to know that this is the group that is responsible for cyber attacks against the BBC, the Associated Press, the Guardian, and, obviously, Twitter. It says that its aim is to go after those that oppose Syria’s President Bashar al-Assad, although in some attacks, the motives are questionable. The Verge recently analyzed the group and says that the SEA frequently departs from its original message and shifts towards a more comedic front, akin to something you might see from Lulzsec.

In its report, The Verge quoted Eva Galperin, global public policy analyst at the Electronic Frontier Foundation:

While it may seem a little bit like they’re doing it for the lulz because it is kind of random, it is ideologically motivated in the sense that these are all supporters of the Assad regime. And they’re looking to get a message out about what they feel is bias in the media against Assad.

Why exactly did the SEA attack Twitter, the New York Times, and the Huffington Post via MelbourneIT? It’s not entirely sure, but one could speculate that it’s because of what some may believe to be an impending strike by the United States against Syria. The proposed missile strike is said to last for three days and is in response to Syria’s supposed use of chemical weapons on its civilians.